From owner-freebsd-stable@FreeBSD.ORG Mon Nov 1 23:51:26 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4761C1065673 for ; Mon, 1 Nov 2010 23:51:26 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from fallbackmx07.syd.optusnet.com.au (fallbackmx07.syd.optusnet.com.au [211.29.132.9]) by mx1.freebsd.org (Postfix) with ESMTP id C22D88FC17 for ; Mon, 1 Nov 2010 23:51:25 +0000 (UTC) Received: from mail13.syd.optusnet.com.au (mail13.syd.optusnet.com.au [211.29.132.194]) by fallbackmx07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id oA1J0WYL019481 for ; Tue, 2 Nov 2010 06:00:32 +1100 Received: from server.vk2pj.dyndns.org (c220-239-116-103.belrs4.nsw.optusnet.com.au [220.239.116.103]) by mail13.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id oA1J0QPx017696 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 2 Nov 2010 06:00:27 +1100 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.4/8.14.4) with ESMTP id oA1J0PFb094036; Tue, 2 Nov 2010 06:00:25 +1100 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.4/8.14.4/Submit) id oA1J0OOt093990; Tue, 2 Nov 2010 06:00:24 +1100 (EST) (envelope-from peter) Date: Tue, 2 Nov 2010 06:00:24 +1100 From: Peter Jeremy To: Stephen Clark Message-ID: <20101101190024.GA40940@server.vk2pj.dyndns.org> References: <4CCAE59E.5020006@earthlink.net> <20101029165405.GA82279@icarus.home.lan> <4CCB007D.8080204@earthlink.net> <20101029174014.GA82936@icarus.home.lan> <4CCB25CC.9050405@earthlink.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="BOKacYhQ+x31HxR3" Content-Disposition: inline In-Reply-To: <4CCB25CC.9050405@earthlink.net> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.20 (2009-06-14) Cc: FreeBSD Stable Subject: Re: safe mode X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Nov 2010 23:51:26 -0000 --BOKacYhQ+x31HxR3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2010-Oct-29 15:51:40 -0400, Stephen Clark wrote: >On 10/29/2010 01:40 PM, Jeremy Chadwick wrote: >> On Fri, Oct 29, 2010 at 01:12:29PM -0400, Stephen Clark wrote: >>> I am supporting over 700 units in the field that are acting as >>> firewall/router/vpn devices, >>> that are running 6.3. It would not be feasible to upgrade them to a >>> new version of FreeBSD >>> remotely. Also if I was going to move to a later release of FreeBSD >>> for the new hardware >>> it would involve months of new testing and validation of the new >>> release, where putting a patched >>> 6.3 kernel is relatively straightforward. >>> =20 >> I'm a little confused. Did you deploy over 700 field units running >> FreeBSD 6.3 without testing it first on this particular piece of >> hardware/setup? Or did you recently upgrade from FreeBSD X.Y to 6.3 and >> found that things broke? What I'm trying to find out is whether or not >> these systems ever worked for you, and if so, at what point did they >> stop working. >Sorry for the confusion. We have a mix of hardware in the field. The curre= nt >hardware platform we are shipping is going EOL from the vendor. I am testi= ng >the vendors next generation of hardware. As with hardware, software goes EOL (or at least EOS) as well and the FreeBSD 6.x branch will not be supported by the FreeBSD project beyond the end of this month. Whilst you are free to continue using older code, you will not be able to rely on the FreeBSD project providing particularly security alerts and fixes. I would suggest that your testing to date shows that you will not be able to deploy your new hardware running the same software image as you currently deploy. Your new hardware would therefore seem to provide an ideal opportunity for you to also move to a newer OS (and still supported) version of FreeBSD. You could then choose whether to maintain the older software on the existing deployed base or validate the newer software on the older hardware and older units as required. --=20 Peter Jeremy --BOKacYhQ+x31HxR3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.15 (FreeBSD) iEYEARECAAYFAkzPDkgACgkQ/opHv/APuId+vQCggneLVIBDSQpuKlQ1Yslhtp3v gloAmwV0MHgBEWmkHAKrELrQdraLLaje =SCOf -----END PGP SIGNATURE----- --BOKacYhQ+x31HxR3--